Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Over 30 vulnerabilities found in Google App Engine

Lucian Constantin | Dec. 10, 2014
Researchers escaped the Java sandbox on the cloud platform and executed code on the underlying system.

A remote code execution flaw in Google App Engine would qualify for a $20,000 reward under the Google Vulnerability Reward Program, but it's not clear if Security Explorations followed all of the program's rules, which call for advance notice to Google before public disclosure and not disrupting or damaging the tested service.

"We are neither participating in, nor following any Bug Bounty programs," Gowdiak wrote. "Over the last 6 years of activity we have found dozens of security issues that impacted hundreds of millions of people (just to mention Oracle Java flaws) or devices (security issues in set-top-box chipsets). We have never received any reward for our work from any vendor. That said, we don't expect to receive anything this time either."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.